of 172 page(s)
ASCII Art spam makes a comeback
December 20, 2010
ASCII art uses cleverly arranged standard keyboard characters as well as extended character sets to create pictures or messages in a kind-of low-resolution graphic.
Spammers have used this technique in the past to evade content-based anti-spam filters - the jumble of characters that is used is simply not detected as spam. This newer version includes a clickable link (previous generations simply spelled out the name of the advertised website).
Hallmark Card Malware run with a little bit of a difference
December 6, 2010
We detected a new email run of malware and released definition files for it. We call it W32/Trojan2.NLUQ. The email is a bit unusual in its presentation.
It grabs scripts and graphics from the Hallmark page which it will display in your email client. All of the clickable links in the email points to the Hallmark site.
The catch is twofold. First it asks you to forward the email to 7 people and it has a malware attachment.
Not a "Halmark" Greetings Card
November 29, 2010
With the holiday season just around the corner we were not surprised to receive some greeting card emails. Viewing the "from address" of the email as shown below gives a hint that it's truly spam. The email is from "Halmark Greetings"?
"Halmark" with a single 'L'? The correct spelling is of course 'Hallmark' (the largest manufacturer of greeting cards in the United States).
De-obfuscating the code shows the real intention of the attacker - downloading and executing malware through exploits. The malware exploits a range of vulnerabilities in RealPlayer, JAVA, Flash Player and Adobe Reader.
Using unicode to trick users to install malware
November 10, 2010
A unicode code inserted into a filename makes it look like a legitimate doc or xls - but it contains malware.
Please wait while we infect your computer - more malicious HTML attachments
August 30, 2010
Commtouch labs have detected large volumes of emails with malicious HTML attachments. The emails purport to come from a range of legitimate sites including...
Widespread fake Amazon orders lead to PDF malware
July 22, 2010
Well-crafted emails mimicking Amazon order confirmations have been detected in large quantities in the past week. The Amazon logo and "your account" button actually take image files from the Amazon website.
HTML attachments - now with malware!
July 21, 2010
In the last few weeks we have detected increasing usage of HTML attachments in a variety of message types - all of them attempting to install malware.
Reset your Twitter password - Malware
June 15, 2010
Commtouch labs have received scores of emails targeting twitter users. The emails have been neatly constructed to include the email address within the email - making them look more genuine.
Recipients are asked to open an attached html file to view their new password. The website that loads contains a browser exploit. Not very friendly...
Google adwords phishing attempt
May 27, 2010
This one almost had us convinced for about half a second with some fine phishing touches...
Free hosting for phishing pages
May 13, 2010
Yesterday we announced our collaboration with RSA, The Security Division of EMC, in which we now provide real-time phishing data to the RSA® FraudActionSM Anti-Phishing Service to further help prevent online fraud and identity theft. The phishing data
Aside from the traditional "dedicated" phishing sites, we also detect sites that have been hidden within legitimate sites. In our Q1 2010 trend report we provided statistics for these in the section entitled "Compromised websites - Categories infected with phishing." As described in the trend report, these legitimate sites infected with phishing are generally not changed in any obvious way. The phishing page is added by a hacker - unbeknownst to the site owner - and the link to the page is then inserted into phishing emails. The screenshots below show a recentexample identified by the Commtouch team of a legitimate site that is unknowingly hiding a Bank of America phishing page. Phishers gain several advantages from this ploy: * The legitimate site name lends legitimacy to the link * The phishing page is hosted for free * It usually takes several days or more to detect and remove the page
Help keep this page up-to-date. Submit a Virus Information News link for inclusion on this page.